Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0141

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Browser
Vendor: CVE Published:; 17 March 2017

What is CVE-2017-0141?

A remote code execution vulnerability exists in the handling of objects in memory by connected Microsoft web browsers. This flaw enables attackers to potentially execute arbitrary code within the context of the logged-in user. If an attacker exploits this vulnerability successfully, they could gain the same privileges as the user, including administrative rights if the user is an admin. This could lead to various malicious actions, such as installing unauthorized software, accessing sensitive data, or modifying system settings.

Affected Version(s)

Browser Browser

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

http://www.securityfocus.com/bid/96685

vdb-entry

http://www.securitytracker.com/id/1038006

vdb-entry

EPSS Score

54% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2017
Vulnerability Reserved
Sep 9, 2016